Lucene search

[email protected]NVD:CVE-2006-2469

HistoryMay 19, 2006 - 10:02 a.m.

CVE-2006-2469

2006-05-1910:02:00

[email protected]

web.nvd.nist.gov

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

6.9

Confidence

Low

EPSS

0.006

Percentile

77.8%

JSON

The HTTP handlers in BEA WebLogic Server 9.0, 8.1 up to SP5, 7.0 up to SP6, and 6.1 up to SP7 stores the username and password in cleartext in the WebLogic Server log when access to a web application or protected JWS fails, which allows attackers to gain privileges.

Affected configurations

NVD

Node

beaweblogic_serverMatch6.0sp6

beaweblogic_serverMatch6.1

beaweblogic_serverMatch6.1sp1

beaweblogic_serverMatch6.1sp2

beaweblogic_serverMatch6.1sp3

beaweblogic_serverMatch6.1sp4

beaweblogic_serverMatch6.1sp5

beaweblogic_serverMatch7.0

beaweblogic_serverMatch7.0sp1

beaweblogic_serverMatch7.0sp2

beaweblogic_serverMatch7.0sp3

beaweblogic_serverMatch7.0sp4

beaweblogic_serverMatch7.0sp5

beaweblogic_serverMatch8.1

beaweblogic_serverMatch8.1sp1

beaweblogic_serverMatch8.1sp2

beaweblogic_serverMatch8.1sp3

beaweblogic_serverMatch8.1sp4

beaweblogic_serverMatch9.0

References

dev2dev.bea.com/pub/advisory/189

secunia.com/advisories/20130

securitytracker.com/id?1016098

www.vupen.com/english/advisories/2006/1828

exchange.xforce.ibmcloud.com/vulnerabilities/26463

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

6.9

Confidence

Low

EPSS

0.006

Percentile

77.8%

JSON

Related for NVD:CVE-2006-2469

prion1 cve1 cvelist1